[BUG](ci) Issue fetching requires more broadly scoped permissions

lowlydba · lowlydba · commit 6b624b85197a · 2026-04-14T17:07:57.000-04:00
Signed-off-by: John McCall &lt;john@overturemaps.org&gt;
diff --git a/.github/actions/overture-projection/action.yml b/.github/actions/overture-projection/action.yml
@@ -201,8 +201,8 @@ runs:
         echo "name=${repo##*/}" >> "$GITHUB_OUTPUT"
 
     # -- Step 0c: Generate an installation token for cross-repo context reads --
-    # Scoped to exactly two repos: omf-devex (skills + context files) and the
-    # target PR repo (posting the review). Avoids the default org-wide token.
+    # App is already scoped, but we need access to all repositories to ensure we can fetch linked issues
+    # Otherwise the API returns an empty result when trying to fetch linked issues, instead of an auth error.
     - name: Generate context token
       id: context-token
       if: ${{ inputs['app-private-key'] != '' }}
@@ -211,10 +211,6 @@ runs:
         app-id: ${{ inputs['app-id'] }}
         private-key: ${{ inputs['app-private-key'] }}
         owner: ${{ github.repository_owner }}
-        repositories: |
-          omf-devex
-          operating-procedures
-          ${{ steps.target_repo.outputs.name }}
 
     # -- Step 1a: Checkout skills from omf-devex --------------------------------
     # Sparse-checks out only the skills/ tree from omf-devex at a fixed ref.
